General | |
---|---|
Designers | Ron Rivest (RSA Security) |
First published | Leaked in 1994 (designed in 1987) |
Cipher detail | |
Key sizes | 40– bits 2048 |
State size | bits ( 2064 effective) 1684 |
Rounds | 1 |
Speed | 7 cycles per byte on original Pentium Modified Alleged RC4 on Intel Core 2: 13.9 cycles per byte |
In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is a stream cipher. While remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure such as WEP.
As of 2015[update], there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol.IETF has published RFC 7465 to prohibit the use of RC4 in TLS;Mozilla and Microsoft have issued similar recommendations.
In 2014, Ronald Rivest gave a talk and published a paper on an updated redesign called Spritz. A hardware accelerator of Spritz was published in Secrypt, 2016. The authors have shown that due to multiple nested calls required to produce output bytes, Spritz performs rather slowly compared to other hash functions such as SHA-3 and best known hardware implementation of RC4.
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2, RC5 and RC6).
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The name RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4 (meaning alleged RC4) to avoid trademark problems. RSA Security has never officially released the algorithm; Rivest has, however, linked to the article on RC4 in his own course notes in 2008 and confirmed the history of RC4 and its code in a 2014 paper by him.